CVE-2020-9770: 
Linux Ubuntu vulnerability analysis and mitigation

CVE-2020-9770 is a Bluetooth vulnerability discovered in Apple's iOS and iPadOS operating systems. The vulnerability was disclosed on March 24, 2020, and affects iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation devices running versions prior to iOS 13.4 and iPadOS 13.4. The issue was identified by researchers Jianliang Wu of PurSec Lab of Purdue University, Xinwen Fu and Yue Zhang of the University of Central Florida (Apple Advisory).

The vulnerability stems from a logic issue in the Bluetooth implementation of iOS and iPadOS. The issue received a CVSS v3.1 Base Score of 6.5 (Medium) with a vector string of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N, indicating network attack vector, low attack complexity, low privileges required, no user interaction needed, unchanged scope, high confidentiality impact, but no impact on integrity or availability (NVD).

An attacker in a privileged network position may be able to intercept Bluetooth traffic between affected devices. This could potentially lead to unauthorized access to sensitive information transmitted over Bluetooth connections (Apple Advisory).

Apple addressed this vulnerability by improving state management in iOS 13.4 and iPadOS 13.4. Users of affected devices should update to these versions or later to protect against potential exploitation (Apple Advisory).